QUIC proxy peering #47587
QUIC proxy peering #47587
Conversation
espadolini
added
the
no-changelog
espadolini
force-pushed
the
espadolini/quic-proxy-peering
branch
from
7163836
to
5fcc162
Compare
|
|
||
| // Sent from the server to the client as a response to a DialRequest. The | ||
| // message is likewise sent in protobuf binary format, prefixed by its length | ||
| // encoded as a little endian uint32. |
There was a problem hiding this comment.
nit: conventionally data sent over the wire is big endian. GRPC performs length prefixing using big endian uint32s. unless there is some compelling reason to not to, I'd suggest sticking with that convention.
There was a problem hiding this comment.
Counterpoint: it's 2024.
gRPC over HTTP/2 uses big endian for length prefixes because the HTTP/2 spec uses big endian and that's just how they happened to write the spec; protobuf itself uses little endian for any fixed-length integers, so "convention" should clearly not be a factor in any new protocol.
There was a problem hiding this comment.
Alright, ignoring convention... little endian byte order is an affront to god and nature and has no place in a civilized codebase. Especially for the case of a home-brewed API that we might be called upon to debug at some point, since visually parsing little endian data is annoying/weird.
There was a problem hiding this comment.
I also have a slight preference for big endian for over-the-wire data, if nothing else because I would expect it to be the case. That said, as long as it's well documented I'm OK with it.
| If the status is ok (signifying no error) then the stream will stay open, | ||
| carrying the data for the connection between the user and the agent, otherwise | ||
| the stream will be closed. For sanity's sake, the size of both messages is | ||
| limited and any oversized message is treated as a protocol violation. |
There was a problem hiding this comment.
How would it know that a message is oversized, though?
There was a problem hiding this comment.
We read the size first, if the message is oversized we just close the stream.
There was a problem hiding this comment.
I thought we capped at uint32, but later I saw we have a limit on top of the uint32, which then made this line make sense. Maybe we should mention that we have an arbitrary limit, so the messages can't use the full uint32 length?
| // Note: it won't actually have an effect, since QUIC always uses TLS 1.3, | ||
| // and TLS 1.3 ciphersuites can't be configured in crypto/tls, but for | ||
| // consistency's sake this should be passed along from the agent | ||
| // configuration. | ||
| CipherSuites []uint16 |
There was a problem hiding this comment.
If this has no effect then what is the point in having it?
There was a problem hiding this comment.
I thought it was the easiest way to prevent "Why aren't you using utils.TLSConfig?" questions.
There was a problem hiding this comment.
Kill the field and move the comment to type itself, or next to the appropriate initialization?
| s.wg.Add(1) | ||
| go s.handleConn(c) |
There was a problem hiding this comment.
Don't spread out concurrency control, that makes ownership loose and makes it harder to reason about.
| s.wg.Add(1) | |
| go s.handleConn(c) | |
| s.wg.Add(1) | |
| go func() { | |
| s.handleConn(c) | |
| s.wg.Done() | |
| }() |
There was a problem hiding this comment.
That would make sense if not for the fact that handleConn still needs to interact with the waitgroup when spawning goroutines for each stream - and this is actually somewhat important, because moving the wg.Done() out of handleConn would mean that the wg.Add(1) in it becomes very suspect, as it wouldn't be "guarded" by an active waitgroup count and thus could potentially race against waitgroup waiters.
There was a problem hiding this comment.
I politely disagree - both Serve and handleConn could use this same pattern to take care of the goroutines they spawn. A method shouldn't have to know it's running as a goroutine, or mandate this kind of setup to be called.
lib/proxy/peer/quicserver.go
Outdated
| // an empty protobuf message has an empty wire encoding, so by sending a | ||
| // size of 0 (i.e. four zero bytes) we are sending an empty DialResponse | ||
| // with an empty Status, which signifies a successful dial | ||
| if _, err := st.Write(binary.LittleEndian.AppendUint32(nil, 0)); err != nil { |
There was a problem hiding this comment.
This is clever and all but I'd rather we just did a send() call with the corresponding "OK" message.
There was a problem hiding this comment.
I don't want to bring in a fallible operation that allocates a bunch of times and initializes hidden state just to send four NULs.
There was a problem hiding this comment.
You can marshal an empty message once and reuse if you like, but the readability is needlessly suffering here.
| _, err := io.Copy(nodeConn, st) | ||
| return trace.Wrap(err) | ||
| }) | ||
| _ = eg.Wait() |
There was a problem hiding this comment.
I'll give it a shot, I suspect it would be pretty spammy tho.
There was a problem hiding this comment.
Same for debug or trace level.
lib/proxy/peer/quicserver.go
Outdated
| // available streams during a connection (so we can set it to 0) | ||
| st, err := c.AcceptStream(context.Background()) | ||
| if err != nil { | ||
| log.DebugContext(c.Context(), "Got an error accepting a stream.", "error", err) |
There was a problem hiding this comment.
As a general comment, I'd rather this function returned an error and the caller made the choice to swallow it.
There was a problem hiding this comment.
The only possible error is caused by the connection getting closed - which is also why the log line is at debug level. I'm not convinced that moving the error logging one layer above will do much for the clarity of the code, at least while this is the only exit point for the function.
There was a problem hiding this comment.
Moving the logging up makes this behave like a regular erroring function, which is already a valuable readability improvement IMO.
|
|
||
| syntax = "proto3"; | ||
|
|
||
| package teleport.quicpeering.v1alpha; |
There was a problem hiding this comment.
Maybe:
| package teleport.quicpeering.v1alpha; | |
| package teleport.quicpeering.v1alpha1; |
Bold of you to assume there will be only one alpha... ;)
There was a problem hiding this comment.
v1alpha seems to edge out (slightly) v1alpha1 in terms of google search result count - I wouldn't be opposed to v1alpha2 as a followup to v1alpha, either.
There was a problem hiding this comment.
I guess it really depends on whether we expect more alphas. If yes, then go v1alpha1. Otherwise we can do v1alpha to v1alpha2 like you said.
espadolini
force-pushed
the
espadolini/quic-proxy-peering
branch
from
5fcc162
to
a6678e0
Compare
espadolini
force-pushed
the
espadolini/quic-proxy-peering
branch
from
a6678e0
to
5fad0d5
Compare
| // Sent from a proxy to a peer proxy in a fresh QUIC stream to dial a Teleport | ||
| // resource through a QUIC proxy peering connection. The message is sent in | ||
| // protobuf binary format, prefixed by its length encoded as a little endian | ||
| // 32-bit integer. |
There was a problem hiding this comment.
| // 32-bit integer. | |
| // 32-bit unsigned integer. |
| @@ -4767,13 +4771,13 @@ func (process *TeleportProcess) initProxyEndpoint(conn *Connector) error { | |||
|
|
|||
| process.RegisterCriticalFunc("proxy.peer.quic", func() error { | |||
| if _, err := process.WaitForEvent(process.ExitContext(), ProxyReverseTunnelReady); err != nil { | |||
| logger.DebugContext(process.ExitContext(), "Process exiting: failed to start QUIC peer proxy service waiting for reverse tunnel server.") | |||
| logger.DebugContext(process.ExitContext(), "process exiting: failed to start QUIC peer proxy service waiting for reverse tunnel server") | |||
There was a problem hiding this comment.
nit: I think the "agreed" logging style is to capitalize the first word but avoid punctuation.
See the examples in RFD 0154 and this section:
The message should be a fragment, and not a full sentence. Terminating the message with punctuation should be avoided.
There was a problem hiding this comment.
Word of @rosstimothy is that the message shouldn't be capitalized and "the message should just be another key-value pair" (presumably with "message" as the key), although I agree that the RFD could be clearer on that.
There was a problem hiding this comment.
We really should update the examples and add a section stating the preferred style, I think very few of us are getting this "right" (me included apparently).
No description provided.